42 matches found
CVE-2026-43920
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
CVE-2026-43920
CVE-2026-43920 affects FOSSBilling versions 0.5.4–0.7.2 where the unauthenticated /run-patcher endpoint allowed privileged maintenance operations (config migrations, DB schema changes including ALTER/DROP/UPDATE, filesystem deletions/renames, and cache clearing) to be executed without admin auth,...
CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...
ContraFix: Agentic Vulnerability Repair Via Differential Runtime Evidence and Skill Reuse
Large language model LLM agents are increasingly used for automated vulnerability repair AVR, where repository-level reasoning enables them to inspect context and produce source-code patches. However, recent empirical results show that these agents still struggle with real-world vulnerabilities...
App Auto-Patch 安全漏洞
App Auto-Patch is an open-source tool developed by App Auto-Patch for automating the patching of Mac applications. Version 3.4.2 of App Auto-Patch contains a security vulnerability, which stems from insecure permissions, potentially allowing attackers to write arbitrary files...
Exploit for Deserialization of Untrusted Data in Facebook React
Next.js RCE Patcher CVE-2025-55182 A simple, automated tool...
CVE-2025-63917
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-63917
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-63918
PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...
CVE-2025-63918
PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...
CVE-2025-63918
PDFPatcher executable does not validate user-supplied file paths, allowing directory traversal attacks allowing attackers to upload arbitrary files to arbitrary locations...
CVE-2025-63917
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-63917
PDFPatcher thru 1.1.3.4663 executable's XML bookmark import functionality does not restrict XML external entity XXE references. The application uses .NET's XmlDocument class without disabling external entity resolution, enabling attackers to: Read arbitrary files from the victim's filesystem,...
CVE-2025-63918
CVE-2025-63918 affects the PDFPatcher executable. The root cause is insufficient validation of user-supplied file paths, enabling directory traversal attacks that allow attackers to upload arbitrary files to arbitrary locations. The entry notes a local attack vector with low complexity and high i...
formii (=1.0.0), html-patcher-stream (>=1.0.0 <=1.1.0) +1 more potentially affected by unknown CVE via html-patcher (>=0.0.3 <=0.1.0)
html-patcher NPM version =0.0.3, =1.0.0, =0.1.0, =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-22751...
Malicious code in html-patcher (npm)
The package html-patcher was found to contain malicious code...
MAL-2025-22751 Malicious code in html-patcher (npm)
The package html-patcher was found to contain malicious code...
Malicious code in solara-patcher-legacy (npm)
The package solara-patcher-legacy was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...
MAL-2025-33626 Malicious code in solara-patcher-legacy (npm)
The package solara-patcher-legacy was found to contain malicious code. --- -= Per source details. Do not edit below this line.=-...